Data Collection of Sensitive Information Restricted by FINRA for CARDS Program

At the beginning of March 2014, the Financial Industry Regulatory Authority (“FINRA”) announced that they would amend their proposal, pursuant to Regulatory Notice 13-42, for a Comprehensive Automated Risk Data System (“CARDS”) to include restrictions on the amount of sensitive information that the system will collect. Originally launched as a proposal in December 2013, this recent move away from the collection of certain sensitive information – such as “account name, address, and tax identification number” of clients – is understood, in part, to be a reaction against public criticism arising in the form of more than 40 comments from industry members and investors in December. Many of these comments sought for further definition by the agency on what information is collected, and how it is stored and kept secure.

The how’s and what’s of investor information collection has long been a sticky issue in the financial industry, and the terms and operations of the proposed CARDS system are no different. While CARDS will not require the submission of client information such as account name, address and tax ID number, its mission – to “monitor firms by automatically collecting data on account activity” in order to “identify trouble spots [like]…churning or unsuitable investments” – does not limit the collection of other information, including trading information and information which allows the CARDS system to “build out customer profiles based on investment objectives and date of birth”. With the extended comment period for this proposal ending March 21st, there will likely be more questions and debate over financial data collection, and its possible complications with investor information protection.

For further information on this and other related subjects, please contact us at info@corecls.com or (619) 278-0020.